Vendor: Cart32
By: Unknown
CVSS: 5.5 MEDIUM
Arbitrary File Download
CWE: 22
Product Name: Cart32
Affected Version From: 6.3
Affected Version To: 6.3
Patch Exists: NO
Related CWE:
CPE: a:cart32:cart32:6.3
Platforms Tested: Windows
2007
Arbitrary File Download Vulnerability in Cart32
The Cart32 application fails to sanitize user-supplied input, leading to an arbitrary file download vulnerability. An attacker can exploit this vulnerability to download arbitrary files within the context of the webserver process, potentially aiding in further attacks.
Mitigation:
Apply the latest patch or upgrade to a non-vulnerable version of Cart32. Additionally, ensure that user-supplied input is properly sanitized and validated.